We currently restrict our development org from promoting a release to our “Production” environments but not listing it under the Configuration -> Team -> Development -> Environments list. However, this also means that devs can’t even “see” anything related to that environment. For example, I would like the ability to for people in that group to go to a project’s Overview page and see which releases were promoted to a production environment. Is there a way to setup the roles to view certain environments, but not allow a deployment to those environments?
Hi,
We have a fantastic documentation page on how you can do this in Octopus! I will link to it below but also give you a basic rundown of how you can achieve this for your scenario.
The idea involves creating separate teams for each group you want to have different permissions. (It looks like you have this part covered)
You then have give your teams the desired roles and scope the teams to the environments/projects they are restricted to, for example:
Team: Development org
Roles: Project deployers
Scope: Environment - Development
Scope: Projects - Projects, a, b, c (If you want to restrict users in this team to a specific project)
Members: Add all development org users
You could then create a separate team:
Team: Environment viewers
Roles: Environment view
Scope: Development, Production. (Or unscoped to see everything)
Users: Any users you want to be restricted to see dev/production or unscoped for users to see to see all
The first team would give the users access to deploy to development but nowhere else. (You can add any extra rolls you wish the users to have, I only used the one for this example.)
The second team gives any users you add access to view the development and production environment.
This is a fairly basic example I have provided and the documentation will have more information on how you can achieve this.
As for the documentation with more information.
Let me know if that helps or if you have any further questions.
Best regards,
Daniel